Fix up CTR_DRBG_update comment.
The original comment was a little confusing. Also lowercase
CTR_DRBG_update to match our usual naming for static functions.
Bug: 227
Change-Id: I381c7ba12b788452d54520b7bc3b13bba8a59f2d
Reviewed-on: https://boringssl-review.googlesource.com/25204
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/rand/ctrdrbg.c b/crypto/fipsmodule/rand/ctrdrbg.c
index 9f8be66..f2fe8b3 100644
--- a/crypto/fipsmodule/rand/ctrdrbg.c
+++ b/crypto/fipsmodule/rand/ctrdrbg.c
@@ -74,11 +74,11 @@
CRYPTO_bswap4(CRYPTO_bswap4(drbg->counter.words[3]) + n);
}
-static int CTR_DRBG_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
+static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
size_t data_len) {
- // Section 10.2.1.2. A value of |data_len| which less than
- // |CTR_DRBG_ENTROPY_LEN| is permitted and acts the same as right-padding
- // with zeros. This can save a copy.
+ // Per section 10.2.1.2, |data_len| must be |CTR_DRBG_ENTROPY_LEN|. Here, we
+ // allow shorter inputs and right-pad them with zeros. This is equivalent to
+ // the specified algorithm but saves a copy in |CTR_DRBG_generate|.
if (data_len > CTR_DRBG_ENTROPY_LEN) {
return 0;
}
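Review bot: The rewritten comment at lines 21–23 describes the short-input case but says nothing about the other deviation the visible code makes, the `data_len > CTR_DRBG_ENTROPY_LEN` check directly below it that returns 0, so a reader has to look past the comment to learn whether over-long input is truncated or rejected. Appending one sentence, `// Inputs longer than |CTR_DRBG_ENTROPY_LEN| are rejected.`, would put the function's full contract in one place. The comment also credits the saved copy only to |CTR_DRBG_generate|, yet the caller at line 37 passes `additional_data_len` unchanged and so appears to rely on the same padding; naming that path too would keep the comment accurate. The body of ctr_drbg_update continues past the end of this hunk.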
@@ -119,7 +119,7 @@
entropy = entropy_copy;
}
- if (!CTR_DRBG_update(drbg, entropy, CTR_DRBG_ENTROPY_LEN)) {
+ if (!ctr_drbg_update(drbg, entropy, CTR_DRBG_ENTROPY_LEN)) {
return 0;
}
@@ -142,7 +142,7 @@
}
if (additional_data_len != 0 &&
- !CTR_DRBG_update(drbg, additional_data, additional_data_len)) {
+ !ctr_drbg_update(drbg, additional_data, additional_data_len)) {
return 0;
}
@@ -187,7 +187,9 @@
OPENSSL_memcpy(out, block, out_len);
}
- if (!CTR_DRBG_update(drbg, additional_data, additional_data_len)) {
+ // Right-padding |additional_data| in step 2.2 is handled implicitly by
+ // |ctr_drbg_update|, to save a copy.
+ if (!ctr_drbg_update(drbg, additional_data, additional_data_len)) {
return 0;
}